Method for configuring access to, remote controlling, and monitoring at least one home automation device forming part of a home automation installation

ABSTRACT

The present invention relates to a method of remotely configuring access to at least one home automation device (D) that is part of a home automation installation (Su), the home automation installation comprising at least one home automation device (D) and at least one central control unit (U), and the method being performed by a first remote access service (Svc 1 ) carried out by a management unit and comprising the following steps: receiving (ECfSvc 19 ; ECfSvc 14 ) a remote access request (MP, Min) relating to at least one home automation device (D) linked to the profile of a user (Usr 1 ) and intended for a second service (Svc 2 ), the request being relative to an identifier (UsrlID 1 ) of the user (UsrlID 1 ) with the first service (Svc 1 ); receiving (ECfSvc 16 , ECfSvc 19 ) an authorization in reply to the access request by the user (Usr 1 ); configuring (ECfSvc 110 ) an access authorization repository so as to accept at least one control command (MCa) arriving from a second service (Svc 2 ), or the transmission of monitoring data (MSa) to the second service (Svc 2 ) for the home automation device (D) linked to the user profile (USr 1 ). The invention also relates to a control and monitoring method.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a National Stage of PCT Application No.PCT/FR2017/053775 filed on Dec. 21, 2017, which claims priority toFrench Patent Application No. 16/63453 filed on Dec. 28, 2016, thecontents each of which are incorporated herein by reference thereto.

FIELD OF THE INVENTION

The present invention concerns a method for configuring access, a methodfor controlling and a method for supervising at least one homeautomation device of a home automation installation.

PRIOR ART

A home automation installation of a building may comprise a plurality ofhome automation devices. It is known to proceed with the configuration,and with the monitoring, that is to say, with the control and/or thesupervision of said installation by using a central control unit whichcommunicates with one or several home automation device(s).

The users may wish to use third-party services to exploit the datagenerated by the home automation devices of the installation or enable amonitoring by third-party services.

Nonetheless, the heterogeneity of home automation devices and themanagement of access to each device aiming at ensuring the security ofthe home automation installation, make such an opening of the systemdifficult.

The present invention aims at solving all or part of the above-mentioneddrawbacks.

DISCLOSURE OF THE INVENTION

To this end, the present invention concerns a method for configuring aremote access to at least one home automation device belonging to a homeautomation installation, the home automation installation comprising theat least one home automation device and at least one central controlunit, the method being implemented by a first remote access serviceexecuted by a management unit and comprising the following steps of:

-   -   Receiving a remote access request concerning at least one home        automation device related to the profile of a user for the        benefit of a second service, the request relating to an        identifier of the user from the first service;    -   Receiving an authorization of the access request by the user;    -   Configuring an access right repository in order to approve at        least one control order originating from a second service or the        sending of supervision data to the second service on behalf of        the home automation device related to the profile of the user.

Thanks to the arrangements according to the invention, a second servicecan obtain access to at least one home automation device belonging to ahome automation installation in an easy manner while preserving amonitoring by the user, and without having to set up an infrastructureof access to the home automation device, via the first service.

According to one implementation, the remote access approval of thesecond service may be global for a given installation related to theuser account of the user, or concern only a group of devices or aparticular home automation device. In the same manner, this registrationmay concern all state variables or commands of a device, or concern asubset of the state variables or commands of a concerned devicedepending on a filtering.

According to one embodiment, the access right repository stores thecorrespondence between a second service and the authorized actions onresources of the first service. A resource may in particular comprise anidentifier of a logical element of a home automation installation or ahome automation device under the monitoring of the first service.

The scope or granularity of the access authorization may be predefineddepending on the service concerned by the access request, or else by theemitter of the authorization. Different levels of granularity may beprovided depending on the possibilities of the first service.

Thus a resource may consist of an entire installation or else a homeautomation device or a set of devices, or even one or several command(s)or function(s) or state variable(s) of a home automation device.

According to one embodiment, the second service proceed with thecreation of an account for the user, with a corresponding identifierUsr1ID2, and can record the correspondence between the identifierUsr1ID1 of the user on the first service, and the identifier Usr1ID2 ofthe user on the second service, as well as the correspondingidentification token.

According to one implementation, the second service then communicates tothe first service a confirmation of the creation of the user account andoptionally the created identifier Usr11D2.

In the context of the present invention, a state variable is an elementdescribing the state of a home automation device. The value of a statevariable may correspond to the ON/OFF condition for a switch, or to anopening degree or percentage for a shutter. Moreover, a state variablemay correspond to a measurement value of a sensor, for example a valueof a physical or environmental quantity. The description of the statesof the devices may be generic or specific, depending on the localprotocol. The identifiers of the state variables may be numeric oralphanumeric. The values of the state variables may use formats orscales which are customized or proprietary.

In the context of the present invention, a command corresponds to anorder that may be given to a home automation device in order to carryout an action by this device or to obtain an information feedback, forexample an information relating to a state variable of this device.

According to one implementation, the management unit executing the firstservice is a server remotely connected to the at least one homeautomation installation, via a wide area network. It should be notedthat the term server is a logical designation which may cover the use ofseveral physical servers to distribute the computer processing load tobe carried out.

According to another aspect of the invention, the management unitexecuting the first service may be a central unit intended to beconnected to one or several central control unit(s) on distinct privateor local area networks, or else on the same local area network.

The management unit executing the second service is a server remotelyconnected to the management unit executing the first service. As before,the term server is a logical designation which may cover the use ofseveral physical servers to distribute the computer processing load tobe carried out.

In the context of the present invention, a home automation device is ahome automation equipment and/or a sensor, or still a portion of a homeautomation equipment or a portion of a sensor corresponding to afunctional subset. A home automation device may also correspond to acontrol point of other home automation devices.

In the context of the present invention, a message is an informationelement notified or received via a communication module from an externalequipment, or in the form of a synchronous or asynchronous call, whichmay also correspond to a local or remote function call.

In the context of the present invention, an installation is a setcomprising a plurality of home automation devices and at least onecentral control unit disposed on one single building or on a pluralityof locations, each home automation device being related to a centralcontrol unit among the plurality of central control units, the pluralityof central control units forming a group under the control of one user.The electronic devices form groups of at least one home automationdevice related to a central control unit.

In the context of the present invention, a central control unit of thehome automation installation is an electronic unit comprising:

-   -   at least one processing unit for containing and executing at        least one computer program,    -   at least one communication module intended to monitor and/or        control at least one home automation device; and    -   at least one module for communication with the management unit.

The electronic unit may be independent or integrated into a homeautomation device. In the latter case, the communication module intendedto monitor and/or control the device may be a communication moduleinternal to the home automation device and/or a communication moduleintended to monitor and/or control other home automation devices. Insome applications, a central control unit may communicate with themanagement unit through an intermediate management unit, for example athird-party service provider, whose intermediate management unitprovides a service interface or API.

The central control unit may also be integrated to a router and/or amodem achieving a connection to a wide area network, in particular theInternet.

In the context of the present invention, a first service corresponds toa user service intended for the monitoring of the home automationinstallation by an end user. The user service is a remotely accessiblecomputerized service, which enables access to at least one monitoring orsupervision function of a home automation installation or a homeautomation device, by means of a user interface. The user interface canbe accessible through a graphical interface, or via a programminginterface.

A second service corresponds to a third-party service, which is able togenerate at least one remote instruction for carrying out at least onecommand for at least one home automation device of an installation or toprocess data originating from at least one home automation device.

The first service may be under the monitoring of a first entity and thesecond service may be under the monitoring of a second entity.

According to one implementation, the configuration step comprises a stepof generating an identification token for the second service.

According to one implementation, the reception of an access requestauthorization will result in the generation of an identification tokenof the second service by the first service. This arrangement allowssecurely identifying requests originating from a second service. Thus, asecond service, approved by a user associated with a home automationsystem managed by the first service and containing at least one homeautomation device, will have to provide the identification token in itsquery to the first service.

According to one implementation, the identification token is thentransmitted to the second service, directly or via the emitter of theapproval message.

According to one implementation, this identification token may bepermanently valid or limited in time.

According to one implementation, this token will be stored in the accessrepository. This arrangement allows performing the correspondence withthe authorizations on the resources.

According to one implementation, the remote access request is receivedfrom the second service.

According to one implementation, the remote access request can identifythe user by the identifier Usr1ID1.

According to an implementation which corresponds to a first case, theuser, via a user terminal, requests a registration to the second servicedirectly from this second service. Thus, in this case, the user emits aregistration request to this second service. In a simultaneous ordistinct step, the user also transmits, to the second service, theidentifier Usr1ID1 which identifies the user before the first service.The second service proceeds with the creation of an account for theuser, with a corresponding identifier Usr1ID2.

According to one implementation, the method comprises the followingstep, prior to the step of receiving an authorization, consisting in:

-   -   Requesting an approval or a confirmation of the access request        for the benefit of the second service before the user.

According to one implementation, the user receives the approval requestvia his terminal.

According to one implementation, which corresponds to the first case,the user confirms his approval or authorization of the access request ina response which is received by the first service at a step distinctfrom the reception of the access request.

According to one implementation, the remote access request for thebenefit of the second service is received from the user.

Thus, according to an implementation which corresponds to a second case,the user, via a user terminal, requests a registration with the secondservice via the first service. In this case, the step of receiving anaccess request and the approval step may be combined together.

According to one implementation, the method further comprises thefollowing step of:

-   -   Sending at least one message containing a list of available        second services to the user or to a user terminal;    -   The step of receiving a registration and approval request        Min/Mac corresponds to a selection of a second service in the        list of second services contained in the message.

According to one implementation, the method further comprises thefollowing step, prior to the step of sending a message containing a listof the available second services, consisting in:

-   -   Receiving a query message originating from the user in order to        obtain a list of available second services from the first        service.

According to one implementation, the method further comprises thefollowing step of:

-   -   Sending an approval/registration message to the second service.

According to one implementation, the step of sending anapproval/registration message to the second service by the first serviceis subsequent to the configuration step.

According to one implementation, the method comprises the following stepof:

-   -   Sending at least one message for describing or transmitting a        filtered view of the installation or a group of home automation        devices comprising at least one device, to the second service.

According to one implementation, the method comprises an additional stepof registering the second service as a subscriber for events concerningthe at least one device.

The present invention also concerns a method for configuring a remoteaccess to at least one home automation devices belonging to a homeautomation installation, the home automation installation comprising theat least one home automation device and at least one central controlunit, the home automation installation being accessible by a firstremote access service, the method being implemented by a second remoteaccess service and comprising the following steps of:

-   -   Receiving an authorization of an access request by the user; the        remote access request concerning at least one home automation        device related to the profile of a user for the benefit of a        second service;    -   Configuring a profile or an account for the user on the second        service and recording a correspondence between an identifier of        the user on the first service, and the identifier of the user on        the second service.

According to one implementation, the remote access request can identifythe user by the identifier Usr1ID1.

According to one implementation which corresponds to a first case, theuser, via a user terminal, requests registration to the second servicedirectly from this second service. Thus, in this case, the user emits aregistration request to this second service Svc2. At a simultaneous ordistinct step, the user also transmits the identifier Usr1ID1, whichidentifies the user before the first service, to the second service. Thesecond service proceeds with the creation of an account for the userUsr1, with a corresponding identifier Usr1ID2.

According to a second case, the registration to the second service isrequested from the first service.

According to one implementation, the method comprises a step ofreceiving an identification token from the first service.

According to one implementation, the method comprises a step ofrecording an identification token with the first service incorrespondence with a user profile or account. The present inventionalso concerns a method for configuring a remote access to at least onehome automation device belonging to a home automation installation, thehome automation installation comprising the at least one home automationdevice and at least one central control unit, the method beingimplemented by a first remote access service executed by a managementunit and comprising the following steps of:

-   -   Receiving an information message concerning a presence of the        home automation device originating from a central control unit        to which the device is related;    -   Determining a second service associated with a type of the home        automation device for which a remote access must be configured        with corresponding access rules;    -   Configuring an access right repository in order to approve at        least one control order originating from the second service or        the sending of supervision data to the second service on behalf        of the home automation device.

Thanks to the arrangements of the invention, a second service can easilyobtain access to at least one home automation device belonging to a homeautomation installation while preserving a monitoring by the managementunit, and without having to set up an infrastructure of access to thehome automation device, via the first service.

According to one implementation, the access right repository may usecalculation algorithms taking as input information on the device, thestate variable and the second service (type, identifier and value) andoutputting a Boolean result indicating whether access is authorized.These arrangements allow limiting the data stored in the repository byusing logical rules for determining the authorizations for a givendevice and limiting the extensive searches in this repository, whichallows improving the performances.

According to one implementation, the information message concerning thepresence of the home automation device corresponds to the establishmentof a connection between the central control unit and the home automationdevice and/or to the discovery of the home automation device by thecentral control unit. The connection is made via a network, inparticular a home automation network. For example, this situation maycorrespond to the installation of a device by a user or an installer ina home automation installation and to the pairing or the discovery ofthe home automation device with a central control unit present in theinstallation, or else to the installation of a central control unit andthe pairing or the discovery by this central control unit of apreviously installed home automation device.

According to one implementation, the home automation device and/or theinstallation are related to a user profile or account on the firstservice. The user profile or account on the first service may beassociated with an identifier Usr1ID1 of the user on the first service.

According to one implementation, the step of determining a secondservice associated with a type of the home automation device for which aremote access must be configured comprises a consultation of an accessrules definition repository.

According to one implementation, the access rules definition repositorymay comprise at least one association between a type of home automationdevice, at least one second service and optionally access or filteringrules. The access rules definition repository, may be included in theaccess right repository or distinct therefrom, but accessible by thefirst service.

According to one implementation, the configuration step comprises a stepof generating an identification token for the second service.

According to one implementation, the configuration method comprises thefollowing step, prior to the configuration step, consisting in:

-   -   Requesting an access authorization for the benefit of the second        service before the user.

According to one implementation, the user receives the request forapproval via a terminal.

According to one implementation, which corresponds to the first case,the user confirms his approval or authorization of the access request ina response which is received by the first service.

According to one implementation, the configuration method comprises thefollowing step of:

-   -   Sending an approval/registration message to the second service.

According to one implementation, the step of sending anapproval/registration message to the second service by the first serviceis subsequent to the configuration step.

According to one implementation, the configuration method comprises thefollowing step of:

-   -   Sending at least one message for describing or transmitting a        filtered view of the installation or a group of home automation        devices comprising at least one device, to the second service.

According to one implementation, the method comprises an additional stepof registering the second service as a subscriber to events concerningthe at least one device.

The present invention also concerns a method for configuring a remoteaccess to at least one home automation device belonging to a homeautomation installation, the home automation installation comprising theat least one home automation device and at least one central controlunit, the home automation installation being accessible by a firstremote access service, the method being implemented by a second remoteaccess service and comprising the following steps of:

-   -   Receiving an access authorization concerning at least one home        automation device for the benefit of the second service;    -   Configuring a profile or an account for a user under the        monitoring of whom, the home automation device is placed on the        second service and recording a correspondence between an        identifier of the user on the first service, and the identifier        of the user on the second service.

According to one implementation, the remote access authorization canidentify the user by the identifier Usr1ID1.

According to one implementation, the method comprises a step ofreceiving an identification token from the first service.

According to one implementation, the method comprises a step ofrecording an identification token from the first service incorrespondence with a user profile or account.

The present invention also concerns a method for remotely controlling atleast one home automation device belonging to a home automationinstallation, the home automation installation comprising the at leastone home automation device and at least one central control unit, themethod being implemented by a first remote access service executed by amanagement unit and comprising the following steps of:

-   -   receiving a control message concerning at least one command to        be carried out on the at least one home automation device        originating from a second service;    -   checking the authorization of the command requested in the        message for the service before an access right repository;    -   in the case where the command is authorized for the second        service, sending at least one control message to at least one        central control unit to which the at least one home automation        device, concerned by the command, is related.

According to one implementation, the check-up of the authorizationconsists in checking whether it concerns at least one home automationdevice for which remote access has been authorized, and/or if theconcerned command or function is authorized for this home automationdevice for the second service.

According to one implementation, the token is obtained during a priorauthorization step.

The format of the control message received by the first service may bedistinct from that of the control message sent to the central controlunit, a format conversion may be carried out by the first service.

According to one implementation, the central control unit emits acontrol message to the home automation device concerned by the commandwhich receives it at one step. The format of this message may bedistinct from that of the message, a format conversion may be carriedout by the central control unit. According to one implementation, thehome automation device then performs the command. The home automationdevice can communicate a feedback code or a result of the command in afeedback message to the central control unit.

According to one implementation, the control message concerning at leastone command to be carried out on the at least one home automation deviceoriginating from a second service comprises an identification token; themethod further comprises a step of checking the validity of theidentification token for the service before the access right repository.

According to one implementation, the method further comprises thefollowing steps of:

-   -   Receiving a feedback message originating from the central        control unit to which the device is related.    -   checking the authorization of the sending of a feedback message        for the command to the service before an access right        repository;    -   in the case where the communication of the command feedback code        is authorized for the second service, sending a feedback message        to the second service.

According to one implementation, the check-up of the authorizationconsists in checking whether the feedback message concerns at least onehome automation device for which remote access has been authorized,and/or whether the concerned command or function feedback code isauthorized for this home automation device for the concerned secondservice.

According to one implementation, the format of this message sent to thesecond service may be distinct from that of the message communicated bythe central control unit, a format conversion may be carried out by thefirst service.

According to one implementation, the control method comprises the stepsof a configuration method as previously described.

The present invention also concerns a method for remotely controlling atleast one home automation device belonging to a home automationinstallation, the home automation installation comprising the at leastone home automation device and at least one central control unit, thehome automation installation being accessible by a first remote accessservice, the method being implemented by a second remote access serviceand comprising sending of a control message concerning at least onecommand to be carried out on the at least one home automation device tothe first service.

According to one implementation, the control message comprises anidentification token.

The present invention also concerns a method for remotely supervising atleast one home automation device belonging to a home automationinstallation, the home automation installation comprising the at leastone home automation device and at least one central control unit, themethod being implemented by a first remote access service executed by amanagement unit and comprising the following steps of:

-   -   Receiving a supervision message originating from a central        control unit comprising information concerning at least one        state variable of the at least one home automation device        related to the central control unit.    -   Checking the authorization of the sending of a supervision        message concerning the state variable of the home automation        device to the second service before an access right repository;    -   In the case where the sending of the supervision message is        authorized, Sending a supervision message to the second service.

According to one implementation, the check-up of the authorizationconsists in checking whether it concerns at least one home automationdevice for which a remote access has been authorized, and/or if thecommunication of data relating to the concerned state variable isauthorized for this home automation device for the second service.

Thanks to the arrangements of the invention, a filtering on a type ofstate variable can be carried out, or even a filtering on value rangesof the state variable.

According to one implementation, the supervision message may correspondto an event of change in value of the state variable.

The format of the received message may be distinct from that of the sentmessage, a format conversion may be carried out by the first service.

The emission of the supervision message by the central control unit maybe subsequent to the reception, by the central control unit, of asupervision message originating from the home automation device. Thismessage may for example correspond to an event of change in value of thestate variable.

According to one variant, in the case where the central control unit isintegrated in the device, the constitution of the supervision messagecan be carried out locally upon the detection of the triggering eventcorresponding to the change in value of the state variable.

According to another variant, in the case where the central control unitis distinct from the device, it is also possible that the deviceperiodically sends messages and that it is the central control unitwhich operates a check-up to identify the value changes. Finally, it isalso possible that the supervision messages are sent to the firstservice without notice of any change in value.

The sending of the supervision message by the first service to thesecond service may correspond to a direct notification between the firstservice and the second service which corresponds to a direct sending.Nonetheless, other mechanisms may be used.

In particular, according to a first variant, a queuing mechanism may beimplemented, the messages may be stored by the first service on thequeue and asynchronously collected by the second service.

According to one implementation, the method comprises a step of checkingthe validity of the identification token for the service before theaccess right repository. Thus, if the token is not valid, in particularif the validity of the token has expired when the check-up is performed,no supervision message is sent to the second service. For example, itcan also be provided that the token for a second service is invalidatedby the first service if there is no longer any agreement between thefirst entity monitoring the first service and the second entitymonitoring the second service or else if the user deletes hisauthorization to the second service. It is also possible that the tokenis invalidated after a predetermined period if the token is not renewed.

The present invention also concerns a method for remotely supervising atleast one home automation device belonging to a home automationinstallation, the home automation installation comprising the at leastone home automation device and at least one central control unit, thehome automation installation being accessible by a first remote accessservice, the method being implemented by a second remote access serviceand comprising the reception of a supervision message originating fromthe first service comprising information concerning at least one statevariable of a home automation device.

According to one implementation, the method comprises a local storage ofthe information relating to the state variables by the second service.

According to one implementation, the method further comprises thefollowing step of:

-   -   storing information relating to the state variables by the first        service.

According to one implementation, a filtering of the information isperformed prior to the storage. This configuration is in particularuseful in the case where the device is the property or under themonitoring of a second entity in charge of the second service, the firstservice and possibly the central control unit being under the monitoringof a first entity and acting as an infrastructure service.

According to one implementation, a local storage of information relatingto the state variables can be carried out by the second service.

According to one implementation, the supervision method comprises thesteps of a configuration method as previously described.

The different non-incompatible aspects defined hereinabove may becombined.

BRIEF DESCRIPTION OF THE FIGURES

The invention will be better understood from the detailed descriptionwhich is exposed hereinafter with reference to the appended drawing inwhich:

FIG. 1 is a schematic view of a building and a home automationinstallation in accordance with an embodiment of the invention;

FIG. 2 is a diagram presenting an architecture of a system comprisingthe home automation installation illustrated in FIG. 1, a second homeautomation installation, as well as a server intended to be connected toa user terminal;

FIG. 3 is a diagram representing a server or a server group intended forthe execution of a first remote access service and a second server orserver group intended for the execution of a second remote accessservice.

FIG. 4a is a diagram illustrating a first implementation of a method forconfiguring a remote access to at least one home automation device of ahome automation installation.

FIG. 4b is a diagram illustrating a second implementation of a methodfor configuring a remote access to at least one home automation deviceof a home automation installation.

FIG. 5 is a diagram illustrating an implementation of a method forconfiguring a remote access to at least one home automation device of ahome automation installation.

FIG. 6 is a diagram illustrating an implementation of a method forremotely supervising at least one home automation device of a homeautomation installation.

DESCRIPTION WITH REFERENCE TO THE FIGURES

In the following detailed description of the figures definedhereinabove, the same elements or the elements filling identicalfunctions may preserve the same references so as to simplify theunderstanding of the invention.

Description of a System Comprising a Home Automation Installation

As illustrated in FIG. 1, a building 1 comprises for example three roomsRo1, Ro2, Ro3. The building 4 also comprises home automation equipment 3and sensors 5.

A home automation equipment 3 may consist of an actuator arranged todisplace or set an element of the building 1, for example an actuator 7for displacing a rolling shutter 9 or a terrace awning 19, or aregulation system 10 for a heater 11 or a ventilation system 13. A homeautomation equipment 3 may also consist of a lighting, for example aterrace external lighting 21 or a lighting control system, an alarmsystem, or still a video camera, in particular a video-surveillancecamera.

The home automation installation Su may also comprise a control point 15an actuator 7, such as a wireless control box B for the rolling shutter9.

The home automation installation Su may comprise one or severalsensor(s) 5, integrated to an actuator 7, to a control point 15 or tothe control box B or independently of these elements. In particular, asensor 5 may be arranged to measure a physical unit, for example atemperature sensor, an insolation sensor or a humidity sensor. Positionsensors 5 of home automation equipment 3 of the building 1, such as, forexample, sensors of the open state of a rolling shutter 9 or sensors ofthe position of a door leaf such as a window, whether motorized or not,may also be provided. The home automation installation may also compriseone or several presence sensor(s). The installation may also compriseone or several electric power consumption sensor(s).

A home automation equipment 3 and a sensor 5 should thus be consideredas units having information on observed actual states of elements of thebuilding 1 and being capable of sharing this information with otherelements of the home automation installation Su.

The home automation equipment 3 and the sensors 5 can thus have accessto any measurable physical unit, such as the temperature of each roomRo1, Ro2, Ro3 or a state of an element of the building 1, such as theopen state of a rolling shutter 9, the state of an alarm, etc.

In the following, we will use the home automation device or device Ddesignation indifferently to designate sensors or home automationequipment, or parts of home automation equipment 3 or sensors 5.

The home automation devices generally comprise a processing unitcomprising a processor executing an embedded software. This softwareshall be updated to improve the functions thereof or proceed withcorrections.

The home automation installation Su comprises one central control unitor a plurality of central control units U1, U2. In particular and asexample, two central control units U1, U2 are represented in FIG. 1.According to one variant, a home automation installation may alsocomprise one single central control unit.

Each central control unit U1, U2 is arranged to control and/or monitorpart of the devices D of the installation Su forming a group DGrU1,DGrU2. As example, in FIG. 1, the central control unit U1 is in chargeof the devices D disposed in the rooms Ro1 and Ro2 of the first floor ofthe building, whereas the central control unit U2 is in charge of thedevices D disposed in the room Ro3 on the ground floor of the buildingand the external devices.

In particular, the control and/or monitoring is carried out remotely, inparticular using a wireless communication protocol, for example a radiocommunication protocol. Each central control unit U1, U2 is arranged togroup together all data originating from the devices D of its groupDGrU1, DGuU2 and to process these data.

As represented in FIG. 2, each central control unit U is arranged tocommunicate with a server Sv1.

The central control units U1, U2, U3 are disposed on a private networkPN, PN′, whose access is generally protected by a firewall FW. Inparticular, in the example represented in FIG. 2, two central controlunits U1, U2 are disposed on a first private network corresponding to afirst home automation installation, while a third central control unitU3 is disposed on a second private network PN′, independent from theprivate network PN corresponding to a second home automationinstallation Su′. The server Sv1 is also disposed on a private networkSN. The private network PN is connected to a wide area network N, forexample Internet. Of course, the server Sv1 is arranged to communicatewith a set of such central control units U. We will in the followingdescribe one of these units.

A central control unit U comprises a processing unit 2 arranged tocontain and execute a first computer program. As example, the processingunit 2 comprises a processor, a storage flash memory as well as a randomaccess memory, and an Ethernet chip.

The processing unit executes an embedded software. This software shallbe updated to improve the functions thereof or proceed with corrections.

The central control unit U further comprises at least one communicationmodule 2′ intended to monitor and/or control home automation equipment 3and/or sensors 5, the home automation equipment 3 may consist ofactuators 7, lightings 21, an alarm system, or a video camera.

As example, as represented in FIG. 2, the communication module 2′enables the monitoring and control of at least one actuator 7, a movableelement of the building 1, such as for example a rolling shutter 9, oran orientable sunshade 9′ or other actuators 7 or lightings 21, aspreviously described with reference to FIG. 1, according to the localfirst communication protocol P1.

As example, the communication module 2′ may be arranged to implement forexample one or more of the local first protocols P1 such as for exampleZ-Wave, EnOcean, io-Homecontrol, Somfy RTS, KNX, MODBUS, Wavenis,Philips HUE. In general, these first local protocols are non-IP localcommunication protocols.

According to another possibility, for example in the context of alarmsystems, the central control unit may be integrated into the homeautomation device. According to still another possibility, the centralcontrol unit may also be integrated to a router and/or a modem achievinga connection to a wide area network, in particular the Internet.

In the case where the central control unit is integrated into a homeautomation device, the communication module 2′ intended for themonitoring and/or the control of the device may be a communicationmodule internal to the home automation device and/or a communicationmodule intended for the monitoring and/or the control of other homeautomation devices.

The reception of information from a sensor 5 providing information onthe presence of a user or values of surrounding parameters, such astemperature, humidity and brightness, is also provided. In the samemanner, the central unit U can enable the monitoring and/or the controlof an alarm system.

Each central control unit U may further comprise a communication module4′ for communicating according to a target second communication protocolP2, with a mobile communication terminal T. The target secondcommunication protocol may for example be a communication protocol abovethe protocol IP on a local area network, or else a genericpoint-to-point protocol. As example, the application protocol WEAVEusing 6lowpan and thread transport protocols for a mesh network mayconstitute a target second protocol. Other examples include Bluetooth,Zigbee or Wifi.

The communication terminal T may contain and execute an applicationsoftware APP.

Each central control unit U further comprises a module 4 forcommunicating with the server Sv1. The server Sv1 enables the remotecontrol and/or monitoring and comprises one or several processingunit(s) 102 arranged to contain and execute a second computer program.

In some applications, a central control unit U may communicate with theserver Sv1 through an intermediate server, for example a third-partyservice provider, whose intermediate server provides a service interfaceor API. In turn, the server Sv1 comprises at least one communicationinterface 104 intended for the communication with the central unit U.

The server Sv1 may also comprise a communication interface 106 intendedfor the communication with a control and/or monitoring interface INenabling an end user Usr1 to remotely monitor the home automationinstallation, in particular via a user service Sv1 c 1.

It should be noted that the term server is a logical designation whichmay cover the use of several physical servers to distribute the computerprocessing load to be carried out.

For example, the control and/or monitoring interface IN comprises a webserver 107 and a mobile communication terminal T1 communicating via thewide area network N. For example, the mobile communication terminal T1may consist of a smartphone or a tablet. The mobile communicationterminal T1 may be the same or a terminal of the same type as that withwhich the central control unit U locally communicates by means of thecommunication module 4′, or a different terminal. We will designatethese mobile terminals indifferently by the reference T1. Alternatively,the end user may also make use of a fixed terminal.

The control and/or monitoring interface IN1 comprises a processor whichmay be disposed at the level of the web server 107 and/or the mobilecommunication terminal T1.

The processor of the control and/or monitoring interface IN is arrangedto use a third computer program. In turn, this third computer program isarranged to execute a downloadable application.

The mobile communication terminal T comprises a data input device and adisplay device, for example in the form of a tactile control portion ofa screen of the terminal T and in the form of one or several button(s)of the terminal T.

The server SV1 may also comprise a communication interface 108 intendedfor the communication with another server Sv2 under the responsibilityof an entity other than that which operates the server Sv1 and whichproposes at least one second service as will be described later on. Thisinterface enables the communication between the two servers Sv1 and Sv2on a local or wide area network, for example Internet.

Unique Identifier of a Home Automation Device

The server Sv1 and the central control units U may use a uniqueidentifier to identify the home automation devices. The structure of aunique identifier of a home automation device DURL will now be describedin connection with a particular embodiment.

According to this embodiment, the unique identifier of a home automationdevice comprises information on:

-   -   The local native protocol of the home automation device D,    -   The communication path to the device D, including the        intermediate central control units U and the termination        addresses to cross, whether organized or not in a hierarchical        topology;    -   A subsystem identifier subsystemId if the device belongs to a        group of devices D associated to the same address. The devices        that are a unique expression of an address have no extension for        identifying a subsystem.

Thus, the form of the unique identifier of a device DURL may be asfollows:

<protocol>://<gatewayId>/<rawDeviceAddress>(#<subsystemId>)

Wherein the following fields are present:

protocol: identifier of the native device local protocol.

gatewayId: identifier of the first central control unit U, for example aserial number or a unique identifier.

rawDeviceAddress: a simple or multi-level path. Its meaning and itsformat depend on the addressing scheme of the local communicationprotocol of the device D.

subsystemId: this optional field indicates an identification, forexample a rank of the subsystem (starting for example at 1), if such asubsystem is present.

EXAMPLES

1) knx://0201-0001-1234/1.1.3

This unique identifier DURL corresponds to a device D communicating bythe KNX procotol with an individual address 1.1.3 accessible to thecentral control unit U carrying the identifier #0201-0001-1234.

2) io://0201-0001-1234/145036#2

This unique identifier DURL corresponds to a subsystem carrying thenumber 2 associated to a device D communicating by the io-Homecontrolprotocol with a radio address 145036 accessible to the central controlunit U carrying the identifier #0201-0001-1234.

First Service and Second Third-Party Service

The Server Sv1 or a Server group Sv1 hosts one or several softwareserver(s) for providing services, as illustrated in FIG. 3.

In particular, a first service Svc1 corresponds to a user serviceintended for the remote monitoring of the home automation installationSu by an end user Usr1. The user service Svc1 is a remotely accessiblecomputerized service, which enables access to at least one control orsupervision function of a home automation installation or of a homeautomation device, by means of a user interface. The user interface canbe accessed through a graphical interface, or via a programminginterface.

A second service Svc2 corresponds to a third-party service, which isable to generate at least one remote instruction for carrying out atleast one command for at least one home automation device D of aninstallation Su, or to process data originating from at least one homeautomation device D.

The first service Svc1 may be under the monitoring of a first entity andthe second service Svc2 may be under the monitoring of a second entity.The second service can be considered as a partner service to which anaccess can be granted.

For example, the first entity may be a home automation installationinfrastructure or management provider, and the second entity may be aservice provider in connection with the data or the control of homeautomation devices. In particular, it is possible to consider aninstallation comprising a device D of the consumption sensor type, forexample an electric power consumption sensor. The second service Svc2can provide a consumption tracking feature that requires access toconsumption data generated by the consumption sensor. For example, thesecond service may be a user service of a power supplier.

Access Right Repository and Identification Token

The first service Svc1 implements an access right repository Rf. Theaccess right repository Rf stores the correspondence between a callingsecond service Svc2 and the authorized actions on resources Rc of thefirst service Svc1. A resource Rc is an identifier of a logical elementof a home automation installation Su under the monitoring of the firstservice Svc1, possibly arranged to present different levels ofgranularity depending on the possibilities of the service Svc1. Thus, aresource Rc may consist of an entire installation St or a homeautomation device D or else a set of devices D, or even one or severalcommand(s) C or function(s) or state variable(s) S of a home automationdevice D. According to a particular embodiment, the resources can beorganized in a hierarchical manner using an access path type resourceidentifier corresponding for example to the device identifier DURLdescribed previously, by possibly adding a complementary resourceidentifier Rc, or by defining intermediate levels corresponding to anaccess to several elements of the defined arborescence. Table 1hereinbelow gives an example of a first data structure of the repositoryRf.

TABLE 1 Example of a first data structure of the repository Rf SecondService Svc2 Resources RC Authorized Actions Svc2setup/1234/sensors/temperature/* READ Svc2setup/1234/actuators/rollershutters/*/command/open EXECUTE

In this example of a repository, the service Svc2 is authorized to readthe state variables of the temperature sensors of the installation No.1234 and to use the «open» command on all rolling shutter-typeactuators.

Thus, when the second service Svc2 will perform a reading or commandrequest from Svc1 on a given resource Rc, the first service will be ableto check in its access right repository Rf if the query can beauthorized. Similarly, in the case where information relating toresources Rc under the monitoring of the first service Svc1 are updated,such as changes in value of the state variables S of the home automationdevices D, these can be automatically retransmitted to the service Svc2if the associated resource Rc is authorized for reading in therepository Rf.

In order to securely identify queries originating from the service Svc2,the service Svc1 can use an identification token Tk of the service Svc2.

This identification token Tk may have a permanent or limited validity,in which case it will have to be regularly renegotiated with the firstservice Svc1. This token will be stored in the repository Rf of theservice Svc1 to perform the correspondence with the authorizations onthe resource.

Thus, a service Svc2, approved by a user Usr1 associated with a homeautomation installation Su managed by the service Svc1 and containing adevice D1, shall provide the identification token Tk associated withthis installation in its query to the service Svc1. Table 2 hereinbelowgives an example of a second data structure of the repository Rf.

TABLE 2 Example of a second data structure of the repository Rf SecondService Svc2 Token Svc2a Tka Svc2b Tkb

The identification token for a second service may be invalidated by thefirst service if there is no longer any agreement between the firstentity monitoring the first service and the second entity monitoring thesecond service or else if the user deletes his authorization to thesecond service. It is also possible that the token is invalidated aftera predetermined period if the token is not renewed.

For example, the repository may be constituted by a database or adirectory service. This repository may be included in the first serviceSvc1 or external and accessible by the first service Svc1. According toan alternative or complementary embodiment, the access right repositorymay use calculation algorithms taking as input information on thedevice, the state variable and the second service (type, identifier andvalue) and outputting a Boolean result in return indicating whetheraccess is authorized.

Access Rules Definition Repository

In order to define the access rights contained in the access rightrepository Rf, the first service can use an access rules definitionrepository Rf0, which may be included in the access right repository ordistinct therefrom, but accessible by the first service Svc1. The use ofthis repository Rf0 for defining access rules will be detailed withreference to the second implementation of a configuration methodhereinbelow.

The access rules definition repository Rf0 comprises associationsbetween a type of home automation device DT, at least one second serviceSvc2 and optionally access or filtering rules. Thus, the first serviceSvc1 can determine a second service associated with the home automationdevice D1 for which a remote access must be configured withcorresponding access or filtering rules. The authorization type given toa second service Svc2 may be defined according to rules establishedbetween the first entity monitoring the first service Svc1 and thesecond entity monitoring the second service Svc2. An example of accessrules definition table contained in the access rules definitionrepository Rf0 is represented hereinbelow in Table 3.

TABLE 3 Example of access rules definition table Device type DT Secondservice Authorized Actions DT1 Svc2_1 READ/Temperature DT2 Svc2-EXECUTE/Shutter Up/down

Configuration Method

First Embodiment

We will now describe a method for configuring a remote access to atleast one home automation device D belonging to a home automationinstallation Su with reference to FIG. 4 a.

We assume that the user Usr1 has a user account for the service Svc1with a corresponding identifier Usr1ID1.

According to a first scenario C1, the end user Usr1, via a user terminalT, requests a registration to the service Svc2 directly before theservice Svc2.

In this case, at a step ECfUsr11, the end user Usr1 emits a registrationrequest to the second service Svc2 which receives this request at a stepECfSvc21.

At a simultaneous or distinct step ECfUsr12, the end user also emits theidentifier Usr1ID1, which identifies the user Usr1 before the firstservice Svc1, to the second service Svc2 which receives it at a stepECfsvc22.

At a step ECfsvc23, the second service Svc2 proceeds with theconfiguration or the creation of a profile or account for the user Usr1,with a corresponding identifier Usr1ID2. The second service alsoproceeds with the registration of a correspondence between an identifierUsr1ID1 of the user Usr1 on the first service, and the identifierUsr1ID2 of the user Usr1 on the second service Svc2.

At a step ECfsvc24, the second service Svc2 emits an access request MPto the first service Svc1 which receives it at a step ECfsvc14. Theaccess request may identify the user Usr1 by the identifier Usr1ID1.

At a step ECfSvc15, the first service may request an approval or aconfirmation of the approval of the access before the user Usr1, forexample via his terminal T, which receives it at a step ECfUsr15.

At a step ECfUsr16, the user confirms his approval of the access in aresponse MAC which is received by the service Svc1 at a step ECfSvc16.

According to a second scenario C2, the end user Usr1, via a userterminal T requests registration to the second service Svc2 from thefirst service Svc1.

In this case, at a step ECfUsr17, the end user Usr1 emits a query MPreqin order to obtain a list of second services available and supportedbefore the first service Svc1 which receives this request at a stepECfSvc27.

At a step ECfScv18, the first service Svc1 returns a response MPListcontaining a list of the available second services which is received bythe user at a step ECfUsr18.

At a step ECfUsr19, the end user Usr1 selects a partner service andemits a registration and approval request Min/Mac before the firstservice Svc1 which receives this request which corresponds to an accessrequest for the second service Svc2 and to an authorization at a stepECfSvc19.

The approval of this partner service may be global for a giveninstallation related to the user account of the user Usr1, or may onlyconcern a group of devices or a particular home automation device D. Inthe same manner, this registration may concern all state variables orcommands of a device or concern a subset of the state variables or ofthe commands of a concerned device depending on a filtering. Forexample, in the case of a second service Svc2 aiming at proposing anenergy optimization, only the reading of the values of the statevariables S relating to home automation devices D corresponding totemperature sensors or consumption sensors and/or the command C of aheating mode (eco, comfort) of the installation may be authorized forthe service Svc2. The consultation of the state variables or thetriggering of the command concerning the other home automation devicesof the installation such as the lamps, shutters or access doors to thehome or garage, for example, will not be authorized to the service Svc2for security reasons.

Following the step ECfSvc16 in the first case C1 or the step ECfSvc19 inthe second case C2, the first service proceeds with a configuration stepECfSvc110 to enable the approval of a control order from the secondservice Svc2 or for sending supervision data to the second service Svc2.In particular, the first service Svc1 configures an access rightrepository Rf. The structure of this repository has been previouslydescribed. The first service Svc1 therefore configures the repository Rfin accordance with the access request received and approved by the userfor given resources RC in order to obtain for example a structure asdescribed in Table 1. The authorization type given to a second serviceSvc2 may be defined according to rules established between the firstentity monitoring the first service Svc1 and the second entitymonitoring the second service Svc2.

During the configuration step, an identification token Tk may also begenerated for the second service Svc2 and stored in the repository Rf.The token may be communicated to the service Svc2 at a later stage. Thecommunication of the token between the service1 and the service2 may becarried out via the user terminal.

At a step ECfSvc111, the first service Svc1 emits anapproval/registration message to the second service Svc2 which isreceived by the second service at a step ECfsvc11. The identificationtoken Tk may be communicated for example during this step or during adistinct step.

In the second case C2, at a step ECfsvc212, the second service Svc2proceeds with the configuration or the creation of a profile or accountfor the user Usr1, with a corresponding identifier Usr1ID2, and canrecord the correspondence between the identifier Usr1ID1 of the userUsr1 on the first service, and the identifier Usr1ID2 of the user Usr1on the second service. The second service can also store theidentification token Tk.

In the second case C2, at a step ECfSvc213, the second service Svc2 thencommunicates a confirmation of the creation of the user account andoptionally the created identifier Usr1ID2.

In the first case C1 and the second case C2, at a step ECfSvc114, thefirst service Svc1 can transmit a description MDesc, or a filtered viewof the installation or a group of home automation devices D comprisingat least one device, to the second service Svc2, which receives it at astep ECfsvc214.

According to an additional step ECfSvc115, the second service Svc2 maybe registered as a subscriber to events concerning the at least onedevice D concerned by the remote access.

Second Mode of Implementation

We will now describe a method for configuring a remote access to atleast one home automation device D belonging to a home automationinstallation Su with reference to FIG. 4 b.

We assume that the user Usr1 has a user account for the service Svc1with a corresponding identifier Usr1ID1.

The user Usr1 or an installer proceeds with the installation of a deviceD1 in his home automation installation Su and with the pairing of thishome automation device D1 with a central control unit U present in theinstallation which corresponds to an exchange of informationconstituting steps EcfbD1 and EcfbU1 respectively. Alternatively, theexchange of information may correspond to the installation of a centralcontrol unit U and the discovery by this central control unit U of apreviously installed home automation device D. This event corresponds tothe establishment of a connection via the network R1 between the centralcontrol unit U and the home automation device D.

The central control unit U then proceeds at a step EcfbU2 with thesending of an information message concerning the presence or thediscovery of the home automation device D1 to a management unit Sv whichreceives this message at a step EcfbSvc12.

At a step EcfbSvc13, the first service Svc1 consults the access rulesdefinition repository Rf0 in order to determine whether there is asecond service associated with the type of the home automation device D1for which a remote access must be configured with correspondingfiltering or action rules. We will herein assume that such a service isdefined.

Optionally, the first service can request at a step EcfbSvc13′ anauthorization before the end user Usr1, via a user terminal T, prior tothe configuration of the remote access, and condition the configurationof the access by a positive response from the user.

The access for the second partner service may be global for a giveninstallation related to the user account of the user Usr1, or onlyconcern a group of devices or a particular home automation device D.Similarly, the access may concern all state variables or commands of adevice, or concern a subset of the state variables or of the commands ofa concerned device depending on a filtering. For example, in the case ofa second service Svc2 aiming at proposing an energy optimization, onlythe reading of the values of the state variables S relating to the homeautomation devices D corresponding to temperature sensors or consumptionsensors and/or the command C of a heating mode (eco, comfort) of theinstallation can be authorized for the service Svc2. The consultation ofthe state variables or the command triggering concerning the other homeautomation devices of the installation such as lamps, shutters or accessdoors to the home or garage, for example, will not be authorized to theservice Svc2 for security reasons.

The first service Svc1 then proceeds with a configuration step EcfbSvc14to enable the approval of a control order originating from the secondSvc2 service or to send supervision data to the second service Svc2. Inparticular, the first service Svc1 configures an access right repositoryRf. The structure of this repository has been previously described. Thefirst service Svc1 therefore configures the repository Rf in accordancewith the access request received and approved by the user for givenresources Rc in order to obtain for example a structure as described inTable 1.

During the configuration step, an identification token Tk may also begenerated for the second service Svc2 and stored in the repository Rf.The token may be communicated to the service Svc2 during a subsequentstep.

At a step EcfbSvc15, the first service Svc1 emits anapproval/registration message to the second service Svc2 which isreceived by the second service at a step Ecfbsvc25. The identificationtoken Tk may be communicated for example during this step or during adistinct step. The message may contain information about the user Usr1or its identifier Usr1ID1 of the user Usr1 on the first service. In thecase where the first service has requested an authorization from the enduser Usr1 via a user terminal T, the transmission of theapproval/registration message may also be performed via said terminal Twhich will receive the message in response to its approval from Svc1 andreturn this message to the second service Svc2.

At a step Ecfbsvc26, the second service Svc2 proceeds with theconfiguration or the creation of a profile or account for the user Usr1,with a corresponding identifier Usr1ID2, and can record thecorrespondence between the identifier Usr1ID1 of the user Usr1 on thefirst service, and the identifier Usr1ID2 of the user Usr1 on the secondservice. The second service can also store the identification token Tk.

At a step EcfbSvc27, the second service Svc2 then communicates aconfirmation of the creation of the user account and optionally thecreated identifier Usr1ID2.

At a step EcfbSvc18, the first service Svc1 can transmit a descriptionMDesc, or a filtered view of the installation or a group of homeautomation devices D comprising at least one device, to the secondservice Svc2, which receives it at a step Ecfbsvc28.

According to an additional step EcfbSvc19, the second service Svc2 maybe registered as a subscriber to events concerning the at least onedevice D concerned by the remote access.

Control Method

We will now describe a method for remotely controlling at least one homeautomation device D belonging to a home automation installation D withreference to FIG. 5. We herein assume that the steps of a configurationmethod have been carried out for example in accordance with what hasbeen previously exposed with reference to FIG. 4a or 4 b.

At a step ECSvc21, the second service Svc2 emits a control message MCato the first service Svc1 which receives it at a step ECSvc11. Thismessage concerns a home automation device D, and a command C to becarried out on this device. The message MCa also contains identificationelements allowing validating that the request actually originates froman authorized second service Svc2, such as the identification token Tkobtained during the configuration method.

At a step ECSvc12, the service Svc1 operates a monitoring in order tocheck the identification of the second service Svc2, for example, basedon the identification token. The service Svc1 then checks up whether acommand requested in the message MCa by the service Svc2 is authorized,that is to say if it concerns a device D for which authorization hasbeen given during the configuration, and/or if the concerned command orfunction is authorized for this device for the second service Svc2. Inparticular, this check-up is performed before the repository Rf.

At a step ECSvc13, in the case where the command C is authorized for theservice Svc2, the first service Svc1 emits a control message MCb to acentral control unit U to which the home automation device D concernedby the command C is related which receives it at a step ECU3. The formatof this message may be distinct from that of the message MCa, a formatconversion may be carried out by the first service.

At a step ECU4, the central control unit U emits a control message MC tothe home automation device D concerned by the command C which receivesit at a step ECD4. The format of this message may be distinct from thatof the message MCb, a format conversion may be carried out by thecentral control unit U.

At a step ECD5, the home automation device D performs the command C.

At a step ECD6, the feedback code or the result of the command iscommunicated in a feedback message MCR by the device D to the centralcontrol unit U which receives it at a step ECU6.

At a step ECU7, the feedback code or the result of the command iscommunicated in a feedback message MCRb by the central control unit U tothe first service Svc1 which receives it at a step ECSvc17. The formatof this message may be distinct from that of the message MCR, a formatconversion may be carried out by the first service Svc1.

At a step ECSvc18, the service Svc1 operates a check-up in order todetermine whether the feedback code contained in the message MCrb can betransmitted to the service Svc2, in particular if the feedback code ofthe concerned command or function is authorized for this device for theservice Svc2. This check-up is carried out before the repository Rf.

At a step ECSvc19, in the case where the feedback code or result can becommunicated to the second service, the feedback code or the result ofthe command is communicated in a feedback message MCRa by the firstservice Svc1 to the second service Svc2 which receives it at a stepECSvc29. The format of this message may be distinct from that of themessage MCRb, a format conversion may be carried out by the firstservice Svc1.

Supervision Method

We will now describe a method for supervising at least one homeautomation device D belonging to a home automation installation Su withreference to FIG. 6. We herein assume that the steps of a configurationmethod have been carried out, for example, in accordance with what hasbeen previously exposed with reference to FIG. 4a or 4 b.

At a step ESD1, the home automation device D emits a supervision messageMS corresponding to an event of change in value of a state variable S tothe central control unit U to which the considered device D is related,the central control unit receiving this message at a step ESU1.

At a step ESU2, the central control unit U emits a supervision messageMSb, which contains information concerning the event of change in valueof the state variable S or translates them in a different format, so asto transmit them to the first service Svc1, which receives the messageMSb at a step ESScv12.

According to one variant, in the case where the central control unit Uis integrated in the device D, the constitution of the supervisionmessage MSb may be carried out locally upon the detection of thetriggering event corresponding to the change in value of a statevariable.

According to another variant, in the case where the central control unitU is distinct from the device D, it is also possible that the deviceperiodically sends messages MS and that it is the central control unit Uwhich operates a check-up to identify changes in value. Finally, it isalso possible that supervision messages MSb are sent without notice ofany change in value.

At a step ESSvc13, the first service Svc1 determines whether asupervision message MSa should be sent to the second service. Inparticular, the service Svc1 operates a monitoring in order to check theidentification of the second service Svc2, for example, based on acheck-up of the validity of the identification token Tk. The firstservice Svc1 then checks whether there is a supervision authorizationconcerning the device D, that is to say if it concerns a device D forwhich an authorization has been given during the configuration and/or ifthe communication of supervision information concerning the concernedstate variable S is authorized for this device for the service Svc2. Inparticular, this check-up is carried out before the repository Rf.

Thus, a filtering on a state variable S type can be carried out, or evena filtering on value ranges of the state variable S.

At a step ESSvc14, and to the extent that the first service Svc1 hasdetermined that such a message MSa should be sent, the first serviceSvc1 emits a supervision message MSa to the second service Svc2, whichreceives the message at a step ESSvcs24.

In FIG. 6, the steps ESSvc14 and ESSvc24 feature a notification betweenthe first service Svc1 and the second service Svc2 which corresponds toa direct sending. Nonetheless, it is possible that other mechanisms maybe used.

In particular, according to a first variant, a queuing mechanism may beimplemented, the messages may be stored by the first service on thequeue and collected by the second service asynchronously.

Other push/pull type systems may also be used.

At a step ESSvc15, a local storage of information relating to the statevariable may be carried out by the first service Svc1. It is possiblethat a filtering of the information is carried out at this stage. Thisconfiguration is in particular useful in the case where the device D isthe property or under the monitoring of a second entity in charge of thesecond service Svc2, the first service Svc1 and possibly the centralcontrol unit, being under the monitoring of a first entity and acting asan intermediate infrastructure service. Thus, the first service Svc1 canserve as a communication channel between home automation devices D of ahome automation installation Su and a second service Svc2 yet withoutbeing authorized to consult or keep the data that it ensures the transitthereof.

It should be noted that it is also possible that no storage is carriedout.

At a step ESSvC26, a local storage of the information relating to thestate variables S may be carried out by the second service Svc2.

1. A method for configuring a remote access to at least one homeautomation device belonging to a home automation installation, the homeautomation installation comprising the at least one home automationdevice and at least one central control unit, the method beingimplemented by a first remote access service executed by a managementunit and comprising the following steps of: receiving a remote accessrequest concerning at least one home automation device related to theprofile of a user for the benefit of a second service, the requestrelating to an identifier of the user from the first service; receivingan authorization of the access request by the user; configuring anaccess right repository in order to approve at least one control orderoriginating from a second service or the sending of supervision data tothe second service on behalf of the home automation device related tothe profile of the user.
 2. The configuration method according to claim1, wherein the configuration step comprises a step of generating anidentification token for the second service.
 3. The configuration methodaccording to claim 1, wherein the remote access request is received fromthe second service.
 4. The configuration method according to claim 3,comprising the following step, prior to step of receiving anauthorization, consisting in: requesting an approval or a confirmationof the access request for the benefit of the second service before theuser.
 5. The configuration method according to claim 1, wherein theremote access request for the benefit of the second service is receivedfrom the user.
 6. The configuration method according to claim 5, furthercomprising the following step of: sending at least one messagecontaining a list of second services available to the user or a userterminal; the of receiving a registration and approval request Min/Maccorresponds to a selection of a second service in the list of secondservices contained in the message.
 7. The configuration method accordingto claim 6, further comprising the following step, prior to the step ofsending a message containing a list of the available second services,consisting in: receiving a query message originating from the user inorder to obtain a list of available second services from the firstservice.
 8. The configuration method according to claim 1, comprisingthe following step of: sending an approval/registration message to thesecond service.
 9. The configuration method according to claim 1,comprising the following step of: sending at least one message fordescribing or transmitting a filtered view of the installation or agroup of home automation devices comprising at least one device, to thesecond service.
 10. A method for configuring a remote access to at leastone home automation device belonging to a home automation installation,the home automation installation comprising the at least one homeautomation device and at least one central control unit, the homeautomation installation being accessible by a first remote accessservice, the method being implemented by a second remote access serviceand comprising the following steps of: receiving an authorization of anaccess request by the user; the remote access request concerning atleast one home automation device related to the profile of a user forthe benefit of a second service; configuring a profile or an account forthe user on the second service and recording a correspondence between anidentifier of the user on the first service, and the identifier of theuser on the second service.
 11. A method for remotely controlling atleast one home automation device belonging to a home automationinstallation the home automation installation comprising the at leastone home automation device and at least one central control unit, themethod being implemented by a first remote access service executed by amanagement unit) and comprising the following steps of: receiving acontrol message concerning at least one command to be carried out on theat least one home automation device originating from a second service;checking the authorization of the command requested in the message forthe service before an access right repository; in the case where thecommand is authorized for the second service, sending at least onecontrol message to at least one central control unit to which the atleast one home automation device, concerned by the command, is related.12. The remote control method according to claim 11, wherein: thecontrol message concerning at least one command to be carried out on theat least one home automation device originating from a second servicecomprises an identification token; the method further comprising a stepof checking the validity of the identification token for the servicebefore the access right repository.
 13. The remote control methodaccording to claim 11, further comprising the following steps of:receiving a feedback message originating from the central control unitto which the device is related. checking the authorization of thesending of a feedback message for the command to the service before anaccess right repository; in the case where the communication of thecommand feedback code is authorized for the second service, sending afeedback message to the second service.
 14. A method for remotelysupervising at least one home automation device belonging to a homeautomation installation the home automation installation comprising theat least one home automation device and at least one central controlunit, the method being implemented by a first remote access serviceexecuted by a management unit and comprising the following steps of:receiving a supervision message originating from a central control unitcomprising information concerning at least one state variable of the atleast one home automation device related to the central control unit.checking the authorization of the sending of a supervision messageconcerning the state variable of the home automation device to thesecond service before an access right repository; in the case where thesending of the supervision message is authorized, sending a supervisionmessage to the second service.
 15. The remote supervision methodaccording to claim 14, further comprising the following step of: storinginformation relating to the state variables by the first service. 16.The configuration method according to claim 2, wherein the remote accessrequest is received from the second service.
 17. The configurationmethod according to claim 16, comprising the following step, prior tostep of receiving an authorization, consisting in: requesting anapproval or a confirmation of the access request for the benefit of thesecond service before the user.
 18. The configuration method accordingto claim 2, wherein the remote access request for the benefit of thesecond service is received from the user.
 19. The configuration methodaccording to claim 18, further comprising the following step of: sendingat least one message containing a list of second services available tothe user or a user terminal; the of receiving a registration andapproval request Min/Mac corresponds to a selection of a second servicein the list of second services contained in the message.
 20. Theconfiguration method according to claim 19, comprising the followingstep of: sending an approval/registration message to the second service.